airbnb / streamalert

StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
https://streamalert.io
Apache License 2.0

[config] Added Github cloud schema #1334

Closed BenGallagher-RL closed 2 weeks ago

BenGallagher-RL commented 2 years ago

to: cc: @airbnb/streamalert-maintainers related to: resolves:

Background

Github Cloud Enterprise allows for direct pushing of audit logs to an S3 bucket. The schema for these logs has many potential fields. By reviewing several weeks of Github logs in the S3 bucket, a schema has been developed to contain the multiple fields, and to determine if they are optional or not.

Changes

Testing

This schema has been in use without issue for several weeks.
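The approach the description outlines (read a sample of audit-log records, collect every field that appears, and mark a field optional when some records lack it) can be reproduced in a few lines. The following is an added example, not code from this PR or from StreamAlert: the record fields and values are constructed for illustration, and the type names only loosely mirror the conventions of a StreamAlert schema rather than reproduce the schema this PR adds.

```python
import json
from collections import Counter

# Constructed sample records (not real GitHub audit-log data). The field names
# are illustrative assumptions, not the fields of the schema in this PR.
SAMPLE_RECORDS = [
    '{"action": "repo.create", "actor": "alice", "org": "example-org", '
    '"created_at": 1700000000000, "repo": "example-org/app"}',
    '{"action": "org.add_member", "actor": "alice", "org": "example-org", '
    '"created_at": 1700000001000, "user": "bob"}',
    '{"action": "repo.destroy", "actor": "carol", "org": "example-org", '
    '"created_at": 1700000002000, "repo": "example-org/old"}',
]


def type_name(value):
    """Map a decoded JSON value to a coarse type label (bool is checked before int)."""
    if isinstance(value, bool):
        return "boolean"
    if isinstance(value, int):
        return "integer"
    if isinstance(value, float):
        return "float"
    if isinstance(value, str):
        return "string"
    if isinstance(value, list):
        return "list"
    if isinstance(value, dict):
        return "dict"
    return "null"


def infer_schema(records):
    """Derive {field: {"type": ..., "optional": bool}} from JSON-encoded records.

    A field is required only if it appears in every sampled record; a field seen
    with several value types is recorded as a "|"-joined union.
    """
    counts = Counter()
    types = {}
    total = 0
    for line in records:
        rec = json.loads(line)
        total += 1
        for key, value in rec.items():
            counts[key] += 1
            types.setdefault(key, set()).add(type_name(value))
    return {
        key: {"type": "|".join(sorted(types[key])), "optional": counts[key] < total}
        for key in sorted(counts)
    }


def validate(record, schema):
    """Check one decoded record against an inferred schema.

    Returns a list of problems: missing required fields, type mismatches, and
    fields the sample never showed (the case a too-small sample produces).
    """
    problems = []
    for key, spec in schema.items():
        if key not in record:
            if not spec["optional"]:
                problems.append(f"missing required field {key}")
            continue
        seen = type_name(record[key])
        if seen not in spec["type"].split("|"):
            problems.append(f"field {key} has type {seen}, expected {spec['type']}")
    for key in record:
        if key not in schema:
            problems.append(f"unknown field {key}")
    return problems


if __name__ == "__main__":
    schema = infer_schema(SAMPLE_RECORDS)
    for field, spec in schema.items():
        print(f"{field:12} {spec['type']:10} optional={spec['optional']}")
    print(validate({"action": "repo.create", "org": "example-org", "created_at": 1}, schema))
```

The "unknown field" check is the one worth keeping in production: a schema built from a few weeks of logs will miss event types that simply did not occur in that window, and a log source that starts emitting fields the schema does not list is the usual reason records are silently dropped at classification time.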

BenGallagher-RL commented 2 years ago

There's an error in this commit's config. Fixing imminently.

BenGallagher-RL commented 2 years ago

Fixed. Ready for review @chunyong-lin